BerryLink
分享 热爱 坚持

黑莓发布搭载Android系统Blackberry手机安全公告-2016年7月

黑莓官方发布2016年7月搭载Android系统Blackberry手机安全公告,更新版本号为AAF518。Android Security

此次更新可修复下面的漏洞:

Summary/摘要 Description/说明 CVE/漏洞编号
Remote Code Execution Vulnerabilities in Mediaserver Remote code execution vulnerabilities in mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing.The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media. CVE-2016-2505
CVE-2016-2506
CVE-2016-2507
CVE-2016-2508
CVE-2016-3741
CVE-2016-3742
CVE-2016-3743
CVE-2016-2505
CVE-2016-2506
CVE-2016-2507
CVE-2016-2508
CVE-2016-3741
CVE-2016-3742
CVE-2016-3743
Remote Code Execution Vulnerability in OpenSSL & BoringSSL A remote code execution vulnerability in OpenSSL and BoringSSL could enable an attacker using a specially crafted file to cause memory corruption during file and data processing. CVE-2016-2108
Remote Code Execution Vulnerability in Bluetooth A remote code execution vulnerability in Bluetooth could allow a proximal attacker to execute arbitrary code during the pairing process. CVE-2016-3744
Elevation of Privilege Vulnerability in libpng An elevation of privilege vulnerability in libpng could enable a local malicious application to execute arbitrary code within the context of an elevated system application. CVE-2016-3751
Elevation of Privilege Vulnerabilities in Mediaserver Elevation of privilege vulnerabilities in mediaserver could enable a local malicious application to execute arbitrary code within the context of an elevated system application. CVE-2016-3745
CVE-2016-3746
CVE-2016-3747
Elevation of Privilege Vulnerability in Sockets An elevation of privilege vulnerability in sockets could enable a local malicious application to access system calls outside of its permissions level. CVE-2016-3748
Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the Parcels Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. CVE-2016-3750
Elevation of Privilege Vulnerability in ChooserTarget Service An elevation of privilege vulnerability in the ChooserTarget service could enable a local malicious application to execute code in the context of another application. CVE-2016-3752
Information Disclosure Vulnerability in OpenSSL An information disclosure vulnerability in OpenSSL could enable a remote attacker to access protected data normally only accessible to locally installed apps that request permission. CVE-2016-2107
Denial of Service Vulnerabilities in Mediaserver Denial of service vulnerabilities in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2016-3754
CVE-2016-3755
CVE-2016-3756
Elevation of Privilege Vulnerability in lsof An elevation of privilege vulnerability in lsof could enable a local malicious application to execute arbitrary code that could lead to a permanent device compromise. CVE-2016-3757
Elevation of Privilege Vulnerability in DexClassLoader An elevation of privilege vulnerability in the DexClassLoader could enable a local malicious application to execute arbitrary code within the context of a privileged process. CVE-2016-3758
Elevation of Privilege Vulnerability in Framework APIs An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to request backup permissions and intercept all backup data. CVE-2016-3759
Elevation of Privilege Vulnerability in Bluetooth An elevation of privilege vulnerability in the Bluetooth component could enable a local attacker  to add an authenticated Bluetooth device that persists for the primary user. CVE-2016-3760
Elevation of Privilege Vulnerability in NFC An elevation of privilege vulnerability in NFC could enable a local malicious background application to access information from a foreground application. CVE-2016-3761
Elevation of Privilege Vulnerability in Sockets An elevation of privilege vulnerability in sockets could enable a local malicious application to gain access to certain uncommon socket types possibly leading to arbitrary code execution within the context of the kernel. CVE-2016-3762
Information Disclosure Vulnerability in Proxy Auto-Config An information disclosure vulnerability in the Proxy Auto-Config component could allow an application to access sensitive information. CVE-2016-3763
Information Disclosure Vulnerabilities in Mediaserver Information disclosure vulnerabilities in mediaserver could allow a local malicious application to access sensitive information. CVE-2016-3764
CVE-2016-3765
Denial of Service Vulnerability in Mediaserver A denial of service vulnerability in mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. CVE-2016-3766
Elevation of Privilege Vulnerabilities in Qualcomm GPU Driver Elevation of privilege vulnerabilities in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2503
CVE-2016-2067
Elevation of Privilege Vulnerability in Qualcomm Performance Component An elevation of privilege vulnerability in the Qualcomm performance component could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3768
Elevation of Privilege Vulnerability in Kernel File System An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3775
Elevation of Privilege Vulnerability in USB Driver An elevation of privilege vulnerability in the USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2015-8816
Elevation of Privilege Vulnerability in Qualcomm Components An elevation of privilege vulnerability could enable a malicious application to execute code within the context of the kernel. CVE-2014-9801
Elevation of Privilege Vulnerability in Qualcomm USB Driver An elevation of privilege vulnerability in the Qualcomm USB driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2502
Elevation of Privilege Vulnerability in Qualcomm Camera Driver An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2501
Elevation of Privilege Vulnerabilities in Kernel File System Elevation of privilege vulnerabilities in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3802
CVE-2016-3803
Elevation of Privilege Vulnerability in Qualcomm Sound Driver An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-2068
Elevation of Privilege Vulnerability in Kernel An elevation of privilege vulnerability in the kernel could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2014-9803
Information Disclosure Vulnerability in Networking Component An information disclosure vulnerability in the networking component could enable a local malicious application to access data outside of its permission levels. CVE-2016-3809
Elevation of Privilege Vulnerability in Kernel Video Driver An elevation of privilege vulnerability in the kernel video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. CVE-2016-3811
Information Disclosure Vulnerability in Qualcomm USB Driver An information disclosure vulnerability in the Qualcomm USB driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-3813
Information Disclosure Vulnerability in Kernel Teletype Driver An information disclosure vulnerability in the teletype driver could enable a local malicious application to access data outside of its permission levels. CVE-2016-0723

建议Blackberry Priv用户及时更新

OTA更新方法:设置Settings > 关于About > 系统更新System update > 检查更新Check for update.
一键系统更新autoloader
Blackberry Priv STV100-1, STV100-3, STV100-4: AAF518 – 下载系统安装包 (可能需要代理)

赞(0)
请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » 黑莓发布搭载Android系统Blackberry手机安全公告-2016年7月
分享到: 更多 (0)

评论 抢沙发

评论前必须登录!

 

BerryLink专注BlackBerry的开放式平台,邀您加入

加入我们团队成员